Categories

Meta

Monthly Archives for February 2014

I was called in to help secure a network in pinch. This called for some quick action, with very little resources. No time to purchase a firewall, or drastically redesign the network. We needed something now.

The clients network had their printers, desktops, servers, SANS, and switches all on one subnet, publicly accessible to the internet, with no hardware firewall. Hackers were exploiting NTP bugs, trying default accounts and passwords, and trying to brute force their way into everything. Without having a complete understanding of the infrastructure, and what renumbering and redesigning the entire network might impact, I decided to implement a quick fix while a firewall was ordered and careful redesign steps could be planned for.

This quick fix was to create a transparent bridge and move all the vulnerable devices onto a private VLAN, while allowing the transparent bridge to firewall and secure all of these devices.

First, I had to reclaim an old Dell R310 server. Nobody knows the BIOS passwords for any of the servers, so after a quick BIOS password clear and reboot, I installed Ubuntu 12.04LTS using basic settings, and updates. After consulting with my Cisco experts, we configured two ports:

And then installed the iptables-persistent package to save iptables rules across reboots and interface resets

apt-get install iptables-persistent

The next step was to look at all the switch ports, identify all the devices that needed to be secured, and move them to the new private vlan.

show int status

find all the vulernable device ports

conf t
int gi 1/0/X
switchport access vlan 25

Then I went to the vCenter and looked at all the guests that needed to be secured, including the esxi hosts themselves, and changed them to the new private vlan.

Now an NMAP scan from on site has access to their equipment, and an NMAP scan from offsite shows just a collection of desktops, printers, and public facing servers. No more free access to esxi hosts, equallogic storage, video cameras, environmental sensors, etc…

“Add a miniature wireless controller to your computer project with this combination keyboard and touchpad. We found the smallest wireless USB keyboard available, a mere 6″ x 2.4″ x 0.5” (152mm x 59mm x 12.5mm)! It’s small but usable to make a great accompaniment to a computer such as the Beagle Bone or Raspberry Pi. The keyboard itself is battery powered (there’s a rechargeable battery inside that you charge up via the included USB cable). The keyboard communicates back to the computer via 2.4 GHz wireless link (not Bluetooth)

The keyboard can only be used with a USB-host such as a computer. Its not intended to be used with an Arduino or Basic Stamp, etc. We tested it with the Raspberry Pi and it works great: uses only one USB port for both mouse and keyboard.”